Deployment Environment
#
- OS: Debian 12
- CPU: 2 Sockets, 2 Cores
- RAM: 6G
- Database: MariaDB: 11.4
System Requirement
#
- LibreNMS
  - CPU: 2 Sockets, 4 Cores
  - Memory: 2G
  - Disk Type: Raid 1, SSD
  - Disk Space: 18GB
  - Devices: 20
  - Ports: 133
  - Health sensors: 47
  - Load: < 0.1
- MySQL
  - CPU: 1 Socket, 2 Cores
  - Memory: 2G
  - Disk Type: Raid 1, SSD
  - Disk Space: 30GB
  - Load: < 0.1
Pre-installation Preparation
#
- LibreNMS domain: moniter.home.pollochang.work
- LibreNMS web server
  - Admin user account: polloadmin
  - Admin user password: password
  - Admin user email: [email protected]
- Database
  - Database name: librenms
  - Account: librenms
  - Password: password
Installation Steps
#
Install the Database
#
```bash
sudo apt -y install apt-transport-https curl gnupg gnupg2
sudo mkdir -p /etc/apt/keyrings
sudo curl -o /etc/apt/keyrings/mariadb-keyring.pgp 'https://mariadb.org/mariadb_release_signing_key.pgp'
sudo chmod 0644 /etc/apt/keyrings/mariadb-keyring.pgp
```
- Configuration file: /etc/apt/sources.list.d/mariadb.sources
```
# MariaDB 11.4 repository list - created 2023-11-20 07:47 UTC
# https://mariadb.org/download/
X-Repolib-Name: MariaDB
Types: deb
# deb.mariadb.org is a dynamic mirror if your preferred mirror goes offline. See https://mariadb.org/mirrorbits/ for details.
# URIs: https://deb.mariadb.org/11.4/debian
URIs: https://mirrors.aliyun.com/mariadb/repo/11.4/debian
Suites: bookworm
Components: main
Signed-By: /etc/apt/keyrings/mariadb-keyring.pgp
```
```bash
apt update
# Confirm that the intended version is actually available for installation
apt list mariadb-server
# mariadb-server/unknown 1:11.4.4+maria~deb12 amd64
apt install mariadb-server mariadb-client
```
Install LibreNMS
#
```bash
apt install -y lsb-release ca-certificates wget acl curl fping git graphviz imagemagick mariadb-client mtr-tiny nginx-full nmap php-cli php-curl php-fpm php-gd php-gmp php-mbstring php-mysql php-snmp php-xml php-zip python3-dotenv python3-pymysql python3-redis python3-setuptools python3-systemd python3-pip rrdtool snmp snmpd unzip whois python3.11-venv
```
```bash
cd /tmp
wget https://github.com/librenms/librenms/archive/refs/tags/25.1.0.tar.gz
tar -zxf 25.1.0.tar.gz -C /opt/
cd /opt/
ln -s librenms-25.1.0 librenms
```
Add the service account: librenms
```bash
useradd librenms -d /opt/librenms -M -r -s "$(which bash)"
chown -R librenms:librenms /opt/librenms*
chmod 771 /opt/librenms
setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
```
Install PHP dependencies
A Python virtual environment is used because Debian 12 adopted PEP 668, which restricts direct modification of the system Python environment. All Python dependencies are therefore installed under ~/librenms-venv and do not affect the system environment.
```bash
su - librenms
python3 -m venv ~/librenms-venv
source ~/librenms-venv/bin/activate
pip install -r requirements.txt
./scripts/composer_wrapper.php install --no-dev
exit
su - librenms
pip3 install command_runner --break-system-packages
```
```bash
timedatectl set-timezone Asia/Taipei
```
- /etc/mysql/mariadb.conf.d/50-server.cnf
```ini
[mysqld]
innodb_file_per_table=1
lower_case_table_names=0
```
```bash
systemctl enable mariadb
systemctl restart mariadb
```
```sql
CREATE DATABASE librenms CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'librenms'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost';
exit
```
```bash
cp /etc/php/8.2/fpm/pool.d/www.conf /etc/php/8.2/fpm/pool.d/librenms.conf
vim /etc/php/8.2/fpm/pool.d/librenms.conf
```
- Edit the file: /etc/php/8.2/fpm/pool.d/librenms.conf
Make the following changes:
Change [www] to [librenms]:
Change user and group to “librenms”:
```ini
user = librenms
group = librenms
```
Change listen to a unique path that must match your webserver’s config (fastcgi_pass for NGINX and SetHandler for Apache):
```ini
listen = /run/php-fpm-librenms.sock
```
- Edit the file: /etc/nginx/sites-enabled/librenms.vhost
```nginx
server {
    listen 80;
    server_name moniter.home.pollochang.work;
    root /opt/librenms/html;
    index index.php;
    charset utf-8;
    gzip on;
    gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location ~ [^/]\.php(/|$) {
        fastcgi_pass unix:/run/php-fpm-librenms.sock;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include fastcgi.conf;
    }
    location ~ /\.(?!well-known).* {
        deny all;
    }
}
```
Check That PHP Time Matches Database Time
#
```bash
php -r 'echo date("Y-m-d H:i:s");'
```
If the time is wrong, correct it by editing the file: /etc/php/8.2/fpm/php.ini
```ini
date.timezone = "Asia/Taipei"
```
Configure .env
#
```
APP_URL=http://moniter.home.pollochang.work
```
```php
$config['base_url'] = 'http://moniter.home.pollochang.work/';
```
Start the Web Service
#
```bash
rm /etc/nginx/sites-enabled/default
systemctl reload nginx
systemctl restart php8.2-fpm
```
Enable lnms command completion
```bash
ln -s /opt/librenms/lnms /usr/bin/lnms
cp /opt/librenms/misc/lnms-completion.bash /etc/bash_completion.d/
```
Configure snmpd
```bash
cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf
```
```
# RANDOMSTRINGGOESHERE
com2sec readonly default polloservermonitor
```
Configure the SNMP Service
#
```bash
curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
chmod +x /usr/bin/distro
systemctl enable snmpd
systemctl restart snmpd
```
```bash
cp /opt/librenms/dist/librenms.cron /etc/cron.d/librenms
```
Enable the Scheduler
#
```bash
cp /opt/librenms/dist/librenms-scheduler.service /opt/librenms/dist/librenms-scheduler.timer /etc/systemd/system/
systemctl enable librenms-scheduler.timer
systemctl start librenms-scheduler.timer
```
Configure logrotate
#
Copy logrotate config
```bash
cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms
```
Web installer
#
After the installation completes, make sure the configuration file permissions are correct:
```bash
chown librenms:librenms /opt/librenms/config.php
```
Move Data to a Designated Directory
#
```bash
systemctl stop php8.2-fpm nginx
mkdir -p /data/librenms/
chown librenms:librenms /data/librenms/
sudo mv /opt/librenms/rrd /data/librenms/
sudo mv /opt/librenms/logs /var/log/librenms
sudo mv /opt/librenms/storage /data/librenms/
ln -s /data/librenms/rrd /opt/librenms/rrd
ln -s /var/log/librenms /opt/librenms/logs
ln -s /data/librenms/storage /opt/librenms/storage
```
LDAP Login Authentication Settings
#
```php
# Use LDAP authentication
$config['auth_mechanism'] = "ldap";
### MySQL authentication (enabled by default)
$config['auth_mechanism_mysql'] = true;
### LDAP authentication settings
$config['auth_mechanism_ldap'] = true;
$config['auth_ldap_server'] = 'ldaps://ldap.home.pollochang.work';
# LDAPS uses port 636
$config['auth_ldap_port'] = 636;
$config['auth_ldap_starttls'] = false;
$config['auth_ldap_prefix'] = 'uid=';
$config['auth_ldap_suffix'] = ',ou=People,dc=home,dc=pollochang,dc=work';
### LDAP bind account
$config['auth_ldap_binddn'] = 'cn=admin,dc=home,dc=pollochang,dc=work';
$config['auth_ldap_bindpassword'] = 'bindpassword';
### LDAP user attribute mapping
$config['auth_ldap_uid_attribute'] = 'uid';
$config['auth_ldap_user_dn'] = 'ou=People,dc=home,dc=pollochang,dc=work';
# $config['auth_ldap_user_attr'] = ['uid'];
### LDAP group attributes
$config['auth_ldap_groupbase'] = 'ou=group,dc=home,dc=pollochang,dc=work';
$config['auth_ldap_group'] = 'cn';
$config['auth_ldap_groupmemberattr'] = 'memberUid';
$config['auth_ldap_groupobjectclass'] = "posixGroup";
$config['auth_ldap_groups']['admins']['level'] = 10;
$config['auth_ldap_groups']['login']['level'] = 5;
### Enable LDAP debugging (turn on when troubleshooting)
$config['auth_ldap_debug'] = false;
$config['auth_debug'] = false;
```
```bash
cd /opt/librenms/
systemctl restart php8.2-fpm nginx && php artisan config:clear && php artisan cache:clear
tail -f /opt/librenms/logs/librenms.log
```
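The LDAP settings above can be checked mechanically before the services are restarted. This is an added example, not code from LibreNMS or from the original post: `cfg_value` and `lint_ldap_config` are hypothetical helper names, the sample input is constructed from the values shown on this page, and the rule that the bind DN should not be a directory admin is an assumed least-privilege policy.

```bash
# Added example: cfg_value and lint_ldap_config are hypothetical helpers, not
# LibreNMS code. Input is config.php text on stdin; one finding per line.
cfg_value() {  # $1 = config text, $2 = key; prints the last active value
  printf '%s\n' "$1" | awk -v k="\$config['$2']" -v q="'" '
    index($0, k) == 1 {                 # commented-out lines do not match
      v = substr($0, length(k) + 1)
      sub(/^[ \t]*=[ \t]*/, "", v); sub(/[ \t]*;.*$/, "", v)
      gsub("^[\"" q "]|[\"" q "]$", "", v); val = v
    }
    END { print val }'
}

lint_ldap_config() {
  cfg=$(cat)
  server=$(cfg_value "$cfg" auth_ldap_server)
  # Credentials cross the network at every login: require LDAPS or StartTLS.
  case $server in
    ''|ldaps://*) ;;
    *) case $(cfg_value "$cfg" auth_ldap_starttls) in
         ''|false|0) echo "FAIL: $server is cleartext LDAP without StartTLS" ;;
       esac ;;
  esac
  # Assumed policy: the bind account only needs to search users and groups.
  binddn=$(cfg_value "$cfg" auth_ldap_binddn)
  case $binddn in
    cn=admin,*|cn=Manager,*) echo "WARN: bind DN $binddn is a directory admin" ;;
  esac
  case $(cfg_value "$cfg" auth_ldap_bindpassword) in
    password|bindpassword) echo "FAIL: bind password is a placeholder" ;;
  esac
  for key in auth_ldap_debug auth_debug; do
    if [ "$(cfg_value "$cfg" "$key")" = true ]; then echo "WARN: $key is enabled"; fi
  done
  return 0
}

# Constructed sample taken from the settings shown on this page.
sample_config_php() {
  cat <<'EOF'
$config['auth_ldap_server'] = 'ldaps://ldap.home.pollochang.work';
$config['auth_ldap_starttls'] = false;
$config['auth_ldap_binddn'] = 'cn=admin,dc=home,dc=pollochang,dc=work';
$config['auth_ldap_bindpassword'] = 'bindpassword';
$config['auth_ldap_debug'] = false;
$config['auth_debug'] = false;
EOF
}
sample_config_php | lint_ldap_config
```

On a real host the input would be `/opt/librenms/config.php` redirected to the function's stdin.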
Monitoring Settings
#
Configuration: /opt/librenms/config.php
#
Monitoring Proxmox
#
```php
# Monitor Proxmox
$config['enable_proxmox'] = 1;
```
SNMP
#
Monitored PVE Host
#
```bash
apt install libpve-apiclient-perl sudo -y
wget https://raw.githubusercontent.com/librenms/librenms-agent/master/agent-local/proxmox -O /usr/local/bin/proxmox
chmod +x /usr/local/bin/proxmox
```
- Configuration file: /etc/sudoers.d/snmp
```
Debian-snmp ALL=(ALL) NOPASSWD: /usr/local/bin/proxmox
```
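Monitored Linux Host
#
Setting up SNMPv3 (Simple Network Management Protocol version 3) on a monitored Linux host is usually done with Net-SNMP, and it requires configuring encryption and authentication to ensure security.
Step 1: Install the SNMP Packages
#
On Debian/Ubuntu:
#
snmpd vs snmp
- snmpd: provides SNMP monitoring information for the local host
- snmp: the client-side tools, used to retrieve SNMP monitoring information from other hosts
On RHEL/CentOS/Rocky Linux:
#
```bash
sudo dnf install net-snmp net-snmp-utils
```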
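Step 2: Create an SNMPv3 User
#
SNMPv3 requires user authentication, so a user has to be created manually.
- Stop the SNMP service (required before adding an account):
```bash
sudo systemctl stop snmpd
```
- Use the net-snmp-create-v3-user tool to create the SNMPv3 user:
```bash
sudo net-snmp-create-v3-user -ro -A "auth_password" -X "priv_password" -a SHA -x AES snmpuser
```
-ro: create a read-only user
-A "auth_password": set the authentication password
-X "priv_password": set the encryption password
-a SHA: set the authentication method to SHA; the value can be one of the following:
  - SHA
  - SHA-224
  - SHA-256
  - SHA-384
  - SHA-512
  - MD5
-x AES: set the encryption method to AES; the value can be one of the following:
  - AES
  - AES-192
  - AES-256
  - AES-256-C
  - DES
snmpuser: the SNMP user name
⚠️ Note:
auth_password and priv_password must be at least 8 characters long.
- Optionally, use -rw to create a user with read-write access.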
Step 3: Modify the SNMP Configuration
#
Open the SNMP configuration file:
```bash
sudo nano /etc/snmp/snmpd.conf
```
Make sure the following content is present:
```
# Listening address: udp:161 with no address listens on every IPv4 interface;
# to listen only on the local host and a specific NIC (e.g. eth0), list their IP addresses instead
agentAddress udp:161
# Enable the SNMPv3 user
createUser snmpuser SHA "auth_password" AES "priv_password"
rouser snmpuser authPriv
```
To have SNMP listen on all interfaces:
```
agentAddress udp:161,udp6:[::1]:161
```
```
# /etc/snmp/snmpd.conf.d/lab.conf
agentaddress 172.30.1.200
```
```bash
chown root:Debian-snmp /etc/snmp/snmpd.conf.d/lab.conf
```
```bash
firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.101" port protocol="udp" port="161" accept' --permanent
```
Step 4: Start and Enable the SNMP Service
#
```bash
sudo systemctl enable snmpd
sudo systemctl restart snmpd
```
Step 5: Test the SNMPv3 Connection
#
Test:
```bash
snmpwalk -OQne -v 3 -t 10 -l authPriv -u snmpuser -a SHA -A auth_password -x AES -X priv_password 192.168.1.100 -Os 1.3.6.1.2.1.2.2.1
```
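Step 6: Open the Firewall
#
If the system has a firewall enabled, open UDP port 161:
```bash
sudo firewall-cmd --add-port=161/udp --permanent
sudo firewall-cmd --reload
```
This completes the configuration of a Linux server with SNMPv3 support, which can be used with monitoring systems such as LibreNMS, Zabbix, and Nagios.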
Plugin
#
Weathermap
#
```bash
apt install php-pear -y
su - librenms
cd /opt/librenms/html/plugins
git clone https://github.com/librenms-plugins/Weathermap.git
chmod 775 /opt/librenms/html/plugins/Weathermap/configs
```
- Scheduled job file: /etc/cron.d/librenms
```
*/5 * * * * librenms /opt/librenms/html/plugins/Weathermap/map-poller.php >> /dev/null 2>&1
```
```bash
systemctl restart cron php8.2-fpm nginx
```